authorJames Bottomley <James.Bottomley@HansenPartnership.com>2023-12-04 18:30:48 -0500
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2023-12-04 18:30:48 -0500
commit999faa790220ec94aacc66d5880f20d3719aadd1 (patch)
treee8a2be49c9d5720153ef634a470e840bbe4747c8
parentef3de36732ce9ec5299806695f01159435a2ba3d (diff)
downloadopenssl_tpm2_engine-999faa790220ec94aacc66d5880f20d3719aadd1.tar.gz
provider: fix reference counting
The provider originally didn't take references in the context to the peer and standard key for EC derivation. OpenSSL 3.2 broke this assumption by freeing the peer key early. Fix this by taking the correct references. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--src/provider/decryption.c9
-rw-r--r--src/provider/keymgmt.c2
-rw-r--r--src/provider/provider.h1
3 files changed, 11 insertions, 1 deletions
diff --git a/src/provider/decryption.c b/src/provider/decryption.c
index 47c7667..5bdc905 100644
--- a/src/provider/decryption.c
+++ b/src/provider/decryption.c
@@ -32,6 +32,11 @@ static void tpm2_decryption_freectx(void *ctx)
{
struct decryption_ctx *dctx = ctx;
+ if (dctx->ad)
+ tpm2_keymgmt_free(dctx->ad);
+ if (dctx->peer_ad)
+ tpm2_keymgmt_free(dctx->peer_ad);
+
osslm_decryption_freectx(&dctx->dctx);
OPENSSL_free(dctx);
}
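Review bot: tpm2_decryption_freectx now drops a reference for any non-NULL `dctx->ad` or `dctx->peer_ad`, so every code path that stores into those fields must have taken one. This commit shows only tpm2_keyexch_init and tpm2_keyexch_set_peer doing so. If another init in decryption.c (not visible here) assigns `dctx->ad` and shares this freectx, or if a dupctx copies the struct, the count would be decremented without a matching increment and the key data could be freed while still in use. Checking every writer of these two fields is worth doing, along with a comment above the new lines such as `/* release the references taken in tpm2_keyexch_init() and tpm2_keyexch_set_peer() */`. The NULL checks also rely on the context being zero-allocated, which is not shown in this hunk.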
@@ -108,6 +113,8 @@ tpm2_keyexch_init(void *ctx, void *key, const OSSL_PARAM params[])
struct decryption_ctx *dctx = ctx;
dctx->ad = key;
+ atomic_fetch_add_explicit(&dctx->ad->refs, 1,
+ memory_order_relaxed);
return 1;
}
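Review bot: `dctx->ad = key;` overwrites whatever the context already held, so a second tpm2_keyexch_init on the same context leaks the reference taken by the first and that key's data is never released. The same applies to `dctx->peer_ad = peerkey;` in the tpm2_keyexch_set_peer hunk below. Take the new reference first and then release the old pointer, so that re-initialising with the same key cannot drop the count to zero in between, e.g. `struct app_data *old = dctx->ad;` before the assignment and `if (old) tpm2_keymgmt_free(old);` after the increment. Both functions also dereference the incoming pointer for the increment without a check; if the provider API can ever pass NULL here, `if (!key) return 0;` would fail cleanly instead. The function bodies start outside these hunks, so existing guards may not be visible.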
@@ -118,6 +125,8 @@ tpm2_keyexch_set_peer(void *ctx, void *peerkey)
struct decryption_ctx *dctx = ctx;
dctx->peer_ad = peerkey;
+ atomic_fetch_add_explicit(&dctx->peer_ad->refs, 1,
+ memory_order_relaxed);
return 1;
}
diff --git a/src/provider/keymgmt.c b/src/provider/keymgmt.c
index aa9c120..aa5d55d 100644
--- a/src/provider/keymgmt.c
+++ b/src/provider/keymgmt.c
@@ -20,7 +20,7 @@ static void *tpm2_keymgmt_load(void *ref, size_t ref_size)
return ad;
}
-static void tpm2_keymgmt_free(void *ref)
+void tpm2_keymgmt_free(void *ref)
{
struct app_data *ad = ref;
int refcnt = atomic_fetch_sub_explicit(&ad->refs, 1,
diff --git a/src/provider/provider.h b/src/provider/provider.h
index 3eac2cf..f358d10 100644
--- a/src/provider/provider.h
+++ b/src/provider/provider.h
@@ -33,6 +33,7 @@ extern const OSSL_ALGORITHM decoders[];
extern const OSSL_ALGORITHM keymgmts[];
void *tpm2_keymgmt_new(void *pctx); /* needed by decode_encode.c */
+void tpm2_keymgmt_free(void *ref); /* needed by decryption.c */
/* signatures.c */